Author: Nathan Cooprider

Nathan Cooprider is a Senior Software Engineer working on the Threat Stack instance agent. Nathan comes to Threat Stack from the endpoint engineering team of Bit9 + Carbon Black. Prior to Bit9, Nathan led the signal processing software team for the MQ9 Predator drone at BAE. He received his BS in CS from Brigham Young University and his PhD in CS from the University of Utah. Nathan has over a decade of experience working with computer systems. This includes eight refereed publications on the static analysis of microcontroller applications written in C. He also wrote a paper on multivariate data visualization, co-authored a paper on multiple hypothesis tracking, and has supported language modeling research. Nathan's accumulated experience with various software engineering languages and tools includes C, C++, Python, Doxygen, Jenkins, OCaml, CIL, CMake, and many others.

A developer walks into a bar. He then gets completely and totally plastered before talking to his boss. That conversation then results in him accepting the task of writing a Linux kernel module in C++. I was that developer, minus the walking into a bar and getting plastered part. While I did put up a token effort to advocate doing the development in C, I got overruled. I then threw myself to the task with gusto.

Given the constant changes affecting today’s security industry — whether it’s the explosion of big data, the global shift to cloud-based business models, or the hundreds of technical innovations that occur each day — keeping your security knowledge up-to-date has never been more important. Whether you’re a security professional, a security provider, or a security consumer, there’s a massive need for immediately available, ongoing education.

I attended day two of Secure World Boston on Wednesday. I find that taking notes during sessions helps me learn more — plus, it means I can put together a short blog post to more easily share with you what I learned about PCI compliance, cyber assurance, and using the public cloud for enterprise security. Here are some of the highlights… Read more “A Glimpse Into Boston Secure World 2016”

I believe in application control, often called application whitelisting. A lot of FUD (fear, uncertainty, and doubt) gets spread about today’s cyber threats. Bad actors continue to break in through not-so-advanced and not-very-persistent threats (as opposed to APTs). The entire situation often gets spun horribly, with whitelisting companies claiming a panacea and non-whitelisting security companies asserting it’s too expensive. Nevertheless, I still believe that application whitelisting will take over as the de facto way to secure our digital endpoints, and NIST agrees. Read more “Whitelisting is Dead, Long Live Whitelisting!”

Docker. It’s a thing. A big thing. Actually, it’s a bunch of little things. Things called containers that like to pretend they’re running in isolation. Except they’re not. Nevertheless, they’re still hot right now.

I like the ideas behind quantified self. This has not driven me to purchase an Apple Watch, but I am now on my second Fitbit. I also use MyFitnessPal, RunKeeper, Mint, and Jenkins. These services provide low-friction visibility to otherwise obscured aspects of my life. The first step to self-improvement is to “know thyself.”

Quantified self introduces an aspect of continuous monitoring to my life. I could view snapshots into my health every year at my physical or just kind of eyeball my health based on looking in the mirror, but neither of those provides the visibility to optimize my health. And auditing my finances every year at tax time is better than nothing, but that by itself will not lead to wealth.